tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Switch vulnerable packages to a warning only



On Thu, May 21, 2020 at 04:34:19PM +0000, coypu%sdf.org@localhost wrote:
> It's somewhat unnecessary to have ALLW_VULNERABLE_PACKAGES?=yes (any
> value except no, even empty, would do), but this is probably easier to
> understand.

It makes a difference whether auditing is done at all or if the result
is ignored. Namely on whether the non-existance of the vulnerability
file is an error. So if anything, it should be a trinary option (yes,
no, warn).

Joerg


Home | Main Index | Thread Index | Old Index